Launchpad CVE tracker

CVE 2005-0586

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.

Related bugs and status

CVE-2005-0586 (Candidate) is related to these bugs:

Bug #12680: [warty] IDN support allows domain name spoofing

Summary				In	Importance	Status
	12680	[warty] IDN support allows domain name spoofing		mozilla (Ubuntu)	High	Fix Released
	12680	[warty] IDN support allows domain name spoofing		mozilla (Debian)	Unknown	Fix Released

Bug #13406: [Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function

Summary				In	Importance	Status
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Ubuntu)	High	Fix Released
	13406	[Warty] CAN-2005-0592 Heap-based buffer overflow in the UTF8ToNewUnicode function		mozilla (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2005-0586

References